When you bank online using your Android smartphone, you’d think the bank’s own app would be the best way to connect securely to your account. And it is—if it’s really the bank’s own app.

But what if it isn’t? What if it’s a fake? And how would you know?

In 2013 and 2014, more than 4,000 South Korean mobile banking customers, many of whom were lured by the chance to watch the movie “The Interview,” unwittingly downloaded fake apps that siphoned millions from their accounts—as Simon Huang from the Trend Micro Mobile Threat Research Team describes so chillingly in his whitepaper “The South Korean Fake Banking App Scam”, published in 2015.

The apps were created by a malware “gang” operating out of the Yanbian Prefecture in Jilin, China. They looked and operated just like the real thing—but they stole user information, including mobile phone numbers, account names and numbers, and login credentials—all of which were just the prelude to stealing money from the customers’ accounts.

The problem is acute in developing countries, particularly in places where Google Play is not accessible—where users have to install their apps from third-party stores that don’t have proper auditing processes to keep their sites clean of fake banking apps. The result? Based on data gathered from Trend Micro’s Mobile App Reputation Service (or MARS), for every two legitimate banking apps, there is one malicious or potentially unwanted “trojanized” or “repackaged” fake banking app out there in the world.

Typical infection vectors for fake banking apps include the following:

As in the Yanbian case outlined above, users lured by tempting emails may be convinced to download the attached fake app and install it.

Users may install a fake app shared by their friends on a forum that they frequent.

Since Android devices are easy to root, users may unwittingly install a fake app, or replace the original “true” app with a fake one, all without knowing it.

Finally, banks can be lax in managing updates to their app certificates for specific regions or channels, so users can’t be sure if the app they’ve downloaded is actually real—or a fake one engineered to steal their data.

Trend Micro Mobile Security for Android is designed to protect you from fake banking and billing apps, no matter where you download them from. Using its continually-updated app certificate checking feature, a MARS component in the Smart Protection Network, Trend Micro Mobile Security always knows which banking apps are real and which ones are fake and only designed to look like the real ones.

When you download a banking app and install it, Trend Micro Mobile Security automatically scans it and warns you if it’s fake. It then helps you to install the real one—so you always know the real apps from the fakes.

Get Trend Micro Mobile Security for Android today—so you can protect yourself from fake banking apps and do great things online safely.